Florida university notifies students and faculty of possible data exposure

Florida International University is in the process of sending notification letters to 19 407 students and 88 faculty members after the university’s IT Security Office discovered personal data may have been exposed over the internet via a database’s external search function.

The possible breach was uncovered in early May 2010 after the IT Security Office conducted a review of an unrelated hacking incident against the FIU College of Education website. According to the notification letter obtained by Infosecurity, the office found the “existence of a database containing sensitive information that did not reside in a secure computing environment”.

An announcement posted on the FIU website lists the personal data as GPAs, test scores, and Social Security numbers that were stored on the College of Education’s E-Folio software app. This database kept track of student data related to state mastery standards, grade tracking, assignments, and Social Security numbers for both students and faculty.

FIU was required to notify affected students and faculty, and both the notification letter and web announcement provided information on credit monitoring. The university stated that it is not aware of any attempts to use the information.

“Upon discovery, the University IT Security Office and the College of Education took immediate steps to remove the database from any external search capability, and to prevent the recurrence of any other data security breach involving this information”, noted the letter, which an FIU spokesperson said is currently being mailed to those affected.
